CVE-2020-29651
- EPSS 4.61%
- Veröffentlicht 09.12.2020 07:15:12
- Zuletzt bearbeitet 03.11.2025 22:15:46
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
CVE-2020-27918
- EPSS 1.36%
- Veröffentlicht 08.12.2020 22:15:18
- Zuletzt bearbeitet 21.11.2024 05:22:03
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciou...
CVE-2020-25664
- EPSS 0.71%
- Veröffentlicht 08.12.2020 21:15:12
- Zuletzt bearbeitet 21.11.2024 05:18:23
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by add...
CVE-2020-1971
- EPSS 6.97%
- Veröffentlicht 08.12.2020 16:15:11
- Zuletzt bearbeitet 29.05.2026 16:16:20
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...
CVE-2020-27818
- EPSS 1.2%
- Veröffentlicht 08.12.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:21:52
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
CVE-2020-29600
- EPSS 2.91%
- Veröffentlicht 07.12.2020 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:24:17
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.
CVE-2020-29562
- EPSS 1.51%
- Veröffentlicht 04.12.2020 07:15:11
- Zuletzt bearbeitet 09.06.2025 16:15:32
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVE-2020-27783
- EPSS 3.93%
- Veröffentlicht 03.12.2020 17:15:13
- Zuletzt bearbeitet 17.12.2025 21:15:52
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbit...
CVE-2020-13584
- EPSS 4.45%
- Veröffentlicht 03.12.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:01:33
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site t...
CVE-2020-25649
- EPSS 17.61%
- Veröffentlicht 03.12.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:18:20
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.